Vulnerabilities > CVE-2002-0332 - Remote Buffer Overflow vulnerability in Xtell 1.91.1/2.6.1

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xtell
nessus
exploit available

Summary

Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allow remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.

Vulnerable Configurations

Part Description Count
Application
Xtell
2

Exploit-Db

description: xtell 1.91.1/2.6.1 Multiple Remote Buffer Overflow Vulnerabilities. CVE-2002-0332. Remote exploit for linux platform
id: EDB-ID:21309
last seen: 2016-02-02
modified: 2002-02-27
published: 2002-02-27
reporter: spybreak
source: https://www.exploit-db.com/download/21309/
title: xtell 1.91.1/2.6.1 - Multiple Remote Buffer Overflow Vulnerabilities

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-121.NASL
description: Several security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems contain several buffer overflows, a problem in connection with symbolic links, unauthorized directory traversal when the path contains…
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14958
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14958
title: Debian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-121. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Registration pass: when `description` is set, the script only records the
# plugin metadata below and then leaves through the exit(0) that closes this
# block. No host data is read in this branch.
if (description)
{
  script_id(14958);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  # A single Debian advisory (DSA-121) is mapped to three CVE identifiers, so
  # one finding from this plugin stands for all three.
  script_cve_id("CVE-2002-0332", "CVE-2002-0333", "CVE-2002-0334");
  script_xref(name:"DSA", value:"121");

  script_name(english:"Debian DSA-121-1 : xtell - buffer overflow, symlink problem, '..' directory traversal");
  # The detection method is a package-version comparison on dpkg output; the
  # xtelld service itself is not contacted.
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  # Advisory text carried over from DSA-121 (see the file header for its
  # copyright). It names the fixed versions: 1.91.1 for stable and 2.7 for
  # testing/unstable.
  script_set_attribute(
    attribute:"description", 
    value:
"Several security related problems have been found in the xtell
package, a simple messaging client and server. In detail, these
problems contain several buffer overflows, a problem in connection
with symbolic links, unauthorized directory traversal when the path
contains '..'. These problems could lead into an attacker being able
to execute arbitrary code on the server machine. The server runs with
nobody privileges by default, so this would be the account to be
exploited.

They have been corrected by backporting changes from a newer upstream
version by the Debian maintainer for xtell. These problems are fixed
in version 1.91.1 in the stable distribution of Debian and in version
2.7 for the testing and unstable distribution of Debian."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-121"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the xtell packages immediately."
  );
  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication, partial confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" plugin type: the result is derived from package data gathered on
  # the host (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xtell");
  # The OS CPE names Debian 2.2, the same release the check body passes to
  # deb_check().
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  # Timeline as recorded here: disclosure 2002/02/27, Debian fix 2002/03/11,
  # plugin published 2004/09/29.
  script_set_attribute(attribute:"patch_publication_date", value:"2002/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/27");
  script_end_attributes();

  # ACT_GATHER_INFO is the category constant for information-gathering plugins.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # ssh_get_info.nasl is declared as a prerequisite; presumably it is what
  # fills the Host/* knowledge-base entries listed below -- verify.
  script_dependencies("ssh_get_info.nasl");
  # The same three KB entries are re-checked by the check body, which reports
  # an audit reason when one is missing.
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions for a package-based check. Each guard hands the matching
# reason to audit() when the knowledge-base entry it needs is absent:
#   - local checks were not enabled for this host,
#   - the host was not identified as Debian,
#   - no dpkg package listing was collected.
# Without the package list there is nothing to compare, so a missing entry
# must not be read as "host not affected".
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Version comparison for DSA-121. deb_check() (from debian_package.inc) is
# expected to return true when the installed xtell package on Debian 2.2 is
# older than the reference version.
#
# Scope notes for whoever triages the result:
#   - Only release "2.2" is evaluated; the 2.7 fix for testing/unstable named
#     in the plugin description has no corresponding check here.
#   - NOTE(review): the summary of CVE-2002-0332 lists xtell 1.91.1 and
#     earlier as affected, whereas the advisory text in this plugin names
#     1.91.1 as the fixed stable version. Confirm the reference against
#     DSA-121 before relying on a "not affected" result.
#   - The result reflects the package version only; it says nothing about
#     whether xtelld is running or reachable.
xtell_outdated = FALSE;
if (deb_check(release:"2.2", prefix:"xtell", reference:"1.91.1")) xtell_outdated = TRUE;

if (!xtell_outdated) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Port 0 is used because the finding is tied to the host's package state,
  # not to a listening service. The package details from deb_report_get()
  # are attached only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}